Example #1
 /// <summary>
 /// Alias for <c>ConvertFromSID.ConvertFrom_SID</c>: forwards <paramref name="args"/>
 /// unchanged and returns whatever that call returns.
 /// </summary>
 /// <param name="args">Conversion arguments; may be null, in which case null is forwarded.</param>
 /// <returns>The sequence of names produced by <c>ConvertFromSID.ConvertFrom_SID</c>.</returns>
 public static IEnumerable <string> Convert_SidToName(Args_ConvertFrom_SID args = null)
 {
     IEnumerable <string> resolvedNames = ConvertFromSID.ConvertFrom_SID(args);
     return resolvedNames;
 }
Example #2
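        /// <summary>
        /// Translates each SID string in <c>args.ObjectSID</c> to a display name.
        /// Well-known SIDs are answered from a fixed local table; every other SID is
        /// handed to <c>ConvertADName.Convert_ADName</c> with the Domain, Server and
        /// Credential taken from <paramref name="args"/>.
        /// </summary>
        /// <param name="args">
        /// Conversion arguments. When null, a default <c>Args_ConvertFrom_SID</c> is used.
        /// </param>
        /// <returns>
        /// The resolved names. A SID whose lookup throws is logged through
        /// <c>Logger.Write_Verbose</c> and contributes no entry, so the result can be
        /// shorter than the input and is not positionally aligned with it.
        /// </returns>
        public static IEnumerable <string> ConvertFrom_SID(Args_ConvertFrom_SID args = null)
        {
            if (args == null)
            {
                args = new Args_ConvertFrom_SID();
            }

            var Results = new List <string>();

            // Without this guard a default-constructed argument object (ObjectSID unset)
            // would make the foreach below throw a NullReferenceException.
            if (args.ObjectSID == null)
            {
                return(Results);
            }

            var ADNameArguments = new Args_Convert_ADName
            {
                Domain     = args.Domain,
                Server     = args.Server,
                Credential = args.Credential
            };

            foreach (var TargetSid in args.ObjectSID)
            {
                try
                {
                    if (TargetSid == null)
                    {
                        // A null entry cannot be trimmed or looked up; skip it.
                        continue;
                    }

                    // Input may carry surrounding '*' characters; strip them before matching.
                    var trimedTargetSid = TargetSid.Trim('*');

                    // try to resolve any built-in SIDs first - https://support.microsoft.com/en-us/kb/243330
                    var WellKnownName = Resolve_WellKnownSid(trimedTargetSid);
                    if (WellKnownName != null)
                    {
                        Results.Add(WellKnownName);
                    }
                    else
                    {
                        // Look up the same normalised value that was checked against the
                        // table; the previous code passed the untrimmed string here, so a
                        // '*'-wrapped SID was sent to the directory lookup with the asterisks.
                        ADNameArguments.Identity = new string[] { trimedTargetSid };
                        Results.AddRange(ConvertADName.Convert_ADName(ADNameArguments));
                    }
                }
                catch (Exception e)
                {
                    // Best effort: one unresolvable SID must not abort the whole batch.
                    Logger.Write_Verbose($@"[ConvertFrom-SID] Error converting SID '{TargetSid}' : {e}");
                }
            }
            return(Results);
        }

        /// <summary>
        /// Maps a well-known SID string to its fixed label, or returns null when the
        /// SID is not in the table. Matching is exact and case-sensitive.
        /// </summary>
        /// <remarks>
        /// Labels that end in a space ("Console Logon ", "This Organization ",
        /// "All Services ") are reproduced exactly as before, since callers may compare
        /// on them. S-1-5-19 and S-1-5-20 both yield "NT Authority", so those two
        /// principals cannot be told apart by name; compare on the SID when the
        /// distinction matters (for example when reviewing an ACL).
        /// </remarks>
        private static string Resolve_WellKnownSid(string sid)
        {
            switch (sid)
            {
                case @"S-1-0":        return @"Null Authority";
                // Fixed: the literal used to read "S -1-0-0" (embedded space) and never matched.
                case @"S-1-0-0":      return @"Nobody";
                case @"S-1-1":        return @"World Authority";
                case @"S-1-1-0":      return @"Everyone";
                case @"S-1-2":        return @"Local Authority";
                case @"S-1-2-0":      return @"Local";
                case @"S-1-2-1":      return @"Console Logon ";
                case @"S-1-3":        return @"Creator Authority";
                case @"S-1-3-0":      return @"Creator Owner";
                case @"S-1-3-1":      return @"Creator Group";
                case @"S-1-3-2":      return @"Creator Owner Server";
                case @"S-1-3-3":      return @"Creator Group Server";
                case @"S-1-3-4":      return @"Owner Rights";
                case @"S-1-4":        return @"Non-unique Authority";
                case @"S-1-5":        return @"NT Authority";
                case @"S-1-5-1":      return @"Dialup";
                case @"S-1-5-2":      return @"Network";
                case @"S-1-5-3":      return @"Batch";
                case @"S-1-5-4":      return @"Interactive";
                case @"S-1-5-6":      return @"Service";
                case @"S-1-5-7":      return @"Anonymous";
                case @"S-1-5-8":      return @"Proxy";
                case @"S-1-5-9":      return @"Enterprise Domain Controllers";
                case @"S-1-5-10":     return @"Principal Self";
                case @"S-1-5-11":     return @"Authenticated Users";
                case @"S-1-5-12":     return @"Restricted Code";
                case @"S-1-5-13":     return @"Terminal Server Users";
                case @"S-1-5-14":     return @"Remote Interactive Logon";
                case @"S-1-5-15":     return @"This Organization ";
                case @"S-1-5-17":     return @"This Organization ";
                case @"S-1-5-18":     return @"Local System";
                case @"S-1-5-19":     return @"NT Authority";
                case @"S-1-5-20":     return @"NT Authority";
                case @"S-1-5-80-0":   return @"All Services ";
                case @"S-1-5-32-544": return @"BUILTIN\Administrators";
                case @"S-1-5-32-545": return @"BUILTIN\Users";
                case @"S-1-5-32-546": return @"BUILTIN\Guests";
                case @"S-1-5-32-547": return @"BUILTIN\Power Users";
                case @"S-1-5-32-548": return @"BUILTIN\Account Operators";
                case @"S-1-5-32-549": return @"BUILTIN\Server Operators";
                case @"S-1-5-32-550": return @"BUILTIN\Print Operators";
                case @"S-1-5-32-551": return @"BUILTIN\Backup Operators";
                case @"S-1-5-32-552": return @"BUILTIN\Replicators";
                case @"S-1-5-32-554": return @"BUILTIN\Pre-Windows 2000 Compatible Access";
                case @"S-1-5-32-555": return @"BUILTIN\Remote Desktop Users";
                case @"S-1-5-32-556": return @"BUILTIN\Network Configuration Operators";
                case @"S-1-5-32-557": return @"BUILTIN\Incoming Forest Trust Builders";
                case @"S-1-5-32-558": return @"BUILTIN\Performance Monitor Users";
                case @"S-1-5-32-559": return @"BUILTIN\Performance Log Users";
                case @"S-1-5-32-560": return @"BUILTIN\Windows Authorization Access Group";
                case @"S-1-5-32-561": return @"BUILTIN\Terminal Server License Servers";
                case @"S-1-5-32-562": return @"BUILTIN\Distributed COM Users";
                case @"S-1-5-32-569": return @"BUILTIN\Cryptographic Operators";
                case @"S-1-5-32-573": return @"BUILTIN\Event Log Readers";
                case @"S-1-5-32-574": return @"BUILTIN\Certificate Service DCOM Access";
                case @"S-1-5-32-575": return @"BUILTIN\RDS Remote Access Servers";
                case @"S-1-5-32-576": return @"BUILTIN\RDS Endpoint Servers";
                case @"S-1-5-32-577": return @"BUILTIN\RDS Management Servers";
                case @"S-1-5-32-578": return @"BUILTIN\Hyper-V Administrators";
                case @"S-1-5-32-579": return @"BUILTIN\Access Control Assistance Operators";
                // Fixed: RID 580 is Remote Management Users; it used to repeat the 579 label,
                // which misattributed ACL entries for this group.
                case @"S-1-5-32-580": return @"BUILTIN\Remote Management Users";
                default:              return null;
            }
        }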
Example #3
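        /// <summary>
        /// Reads the access rules of every file or directory in <c>args.Path</c> and
        /// returns one <c>FileACL</c> per rule, with the rule's SID translated through
        /// <c>ConvertFromSID.ConvertFrom_SID</c>.
        /// </summary>
        /// <remarks>
        /// For UNC paths, when <c>args.Credential</c> is set, a remote connection to the
        /// host is added once per host via <c>AddRemoteConnection.Add_RemoteConnection</c>
        /// and removed again before the method returns.
        /// A path whose ACL cannot be read is logged through <c>Logger.Write_Verbose</c>
        /// and skipped, so a path missing from the result means "could not be read",
        /// not "has no access rules".
        /// </remarks>
        /// <param name="args">
        /// Paths and optional credential. When null, a default <c>Args_Get_PathAcl</c> is used.
        /// </param>
        /// <returns>The collected ACL entries; empty when no path was supplied.</returns>
        public static IEnumerable <FileACL> Get_PathAcl(Args_Get_PathAcl args = null)
        {
            if (args == null)
            {
                args = new Args_Get_PathAcl();
            }

            var ConvertArguments = new Args_ConvertFrom_SID
            {
                Credential = args.Credential
            };

            // Hosts for which this call added a remote connection (value true = mapped).
            var MappedComputers = new Dictionary <string, bool>();

            var FileACLs = new List <FileACL>();

            // A default-constructed argument object has no paths; enumerating null
            // would throw, so return the empty result instead.
            if (args.Path == null)
            {
                return(FileACLs);
            }

            try
            {
                foreach (var TargetPath in args.Path)
                {
                    try
                    {
                        if (TargetPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
                        {
                            var HostComputer = new System.Uri(TargetPath).Host;

                            // Fixed: indexing the dictionary with a host that had not been
                            // added yet threw KeyNotFoundException, which the catch below
                            // swallowed - so the connection was never mapped and every
                            // credentialed UNC path was skipped.
                            bool AlreadyMapped;
                            if (!MappedComputers.TryGetValue(HostComputer, out AlreadyMapped) || !AlreadyMapped)
                            {
                                // map IPC$ to this computer if it's not already
                                AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
                                    ComputerName = new string[] { HostComputer }, Credential = args.Credential
                                });
                                MappedComputers[HostComputer] = true;
                            }
                        }

                        // Directories and files need different accessors for their security descriptor.
                        FileSystemSecurity ACL;
                        var attr = File.GetAttributes(TargetPath);
                        if (attr.HasFlag(FileAttributes.Directory))
                        {
                            ACL = Directory.GetAccessControl(TargetPath);
                        }
                        else
                        {
                            ACL = File.GetAccessControl(TargetPath);
                        }

                        // Explicit and inherited rules, with identities expressed as SIDs.
                        var arc = ACL.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
                        foreach (FileSystemAccessRule ar in arc)
                        {
                            var SID = ar.IdentityReference.Value;
                            ConvertArguments.ObjectSID = new string[] { SID };
                            var Name = ConvertFromSID.ConvertFrom_SID(ConvertArguments);

                            var Out = new FileACL
                            {
                                Path              = TargetPath,
                                FileSystemRights  = Convert_FileRight((uint)ar.FileSystemRights),
                                IdentityReference = Name,
                                // Keep the raw SID next to the translated name so the entry
                                // stays unambiguous even when translation fails or is lossy.
                                IdentitySID       = SID,
                                AccessControlType = ar.AccessControlType
                            };
                            FileACLs.Add(Out);
                        }
                    }
                    catch (Exception e)
                    {
                        // Best effort per path: log and continue with the next one.
                        Logger.Write_Verbose($@"[Get-PathAcl] error: {e}");
                    }
                }
            }
            finally
            {
                // remove the IPC$ mappings - in a finally block so credentialed
                // connections are not left behind if enumeration fails part-way.
                if (MappedComputers.Count > 0)
                {
                    RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
                        ComputerName = MappedComputers.Keys.ToArray()
                    });
                }
            }
            return(FileACLs);
        }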